Google Git
Sign in
android-kvm / buildroot / fef22e166163cbdad43b08e0d34e3280f70d175b / . / package / libcap / 0001-Support-dynamic-test-compilation-and-execution.patch
blob: a456ea55d9c106364c4729bf8d67bd2a5ae54cb6 [file] [log] [blame]
From 307e7f5744b7c84af4c07091c5310cf4f9514694 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Mon, 7 Sep 2020 12:24:43 -0700
Subject: Support dynamic test compilation and execution.
make DYNAMIC=yes test sudotest
works now. Thomas Petazzoni provided a patch that built
the tests this way, but I've restructured things to
make the above command line work against the uninstalled
library builds.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
[Retrieved from:
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=307e7f5744b7c84af4c07091c5310cf4f9514694]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
Make.Rules | 2 +-
go/Makefile | 6 +++---
go/try-launching.go | 2 +-
progs/.gitignore | 1 +
progs/Makefile | 15 ++++++++++-----
progs/quicktest.sh | 8 ++++----
tests/Makefile | 23 +++++++++++++++--------
7 files changed, 35 insertions(+), 22 deletions(-)
diff --git a/Make.Rules b/Make.Rules
index c62f541..8c3f9b3 100644
--- a/Make.Rules
+++ b/Make.Rules
@@ -69,7 +69,7 @@ WARNINGS=-Wall -Wwrite-strings \
LD=$(CC) -Wl,-x -shared
LDFLAGS ?= #-g
LIBCAPLIB := -L$(topdir)/libcap -lcap
-LIBPSXLIB := -L$(topdir)/libcap -lpsx -lpthread
+LIBPSXLIB := -L$(topdir)/libcap -lpsx -lpthread -Wl,-wrap,pthread_create
BUILD_GPERF := $(shell which gperf >/dev/null 2>/dev/null && echo yes)
diff --git a/go/Makefile b/go/Makefile
index c5ad7aa..19b3e29 100644
--- a/go/Makefile
+++ b/go/Makefile
@@ -23,8 +23,8 @@ all: $(PSXGOPACKAGE) $(CAPGOPACKAGE) web compare-cap try-launching
$(DEPS):
make -C ../libcap all
-../progs/capsh:
- make -C ../progs capsh
+../progs/tcapsh-static:
+ make -C ../progs tcapsh-static
src/$(IMPORTDIR)/psx:
mkdir -p "src/$(IMPORTDIR)"
@@ -70,7 +70,7 @@ ifeq ($(CGO_REQUIRED),0)
CGO_ENABLED="1" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@-cgo $<
endif
-test: all ../progs/capsh
+test: all ../progs/tcapsh-static
CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/psx
CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/cap
LD_LIBRARY_PATH=../libcap ./compare-cap
diff --git a/go/try-launching.go b/go/try-launching.go
index 1c3d477..272fd0a 100644
--- a/go/try-launching.go
+++ b/go/try-launching.go
@@ -32,7 +32,7 @@ func tryLaunching() {
}{
{args: []string{root + "/go/ok"}},
{
- args: []string{root + "/progs/capsh", "--dropped=cap_chown", "--is-uid=123", "--is-gid=456", "--has-a=cap_setuid"},
+ args: []string{root + "/progs/tcapsh-static", "--dropped=cap_chown", "--is-uid=123", "--is-gid=456", "--has-a=cap_setuid"},
iab: "!cap_chown,^cap_setuid,cap_sys_admin",
uid: 123,
gid: 456,
diff --git a/progs/.gitignore b/progs/.gitignore
index 1c7ff23..978229e 100644
--- a/progs/.gitignore
+++ b/progs/.gitignore
@@ -1,4 +1,5 @@
capsh
+tcapsh-static
getcap
getpcaps
setcap
diff --git a/progs/Makefile b/progs/Makefile
index 076e44f..1b27c41 100644
--- a/progs/Makefile
+++ b/progs/Makefile
@@ -8,13 +8,15 @@ PROGS=getpcaps capsh getcap setcap
BUILD=$(PROGS)
-ifneq ($(DYNAMIC),yes)
+ifeq ($(DYNAMIC),yes)
+LDPATH = LD_LIBRARY_PATH=../libcap
+else
LDFLAGS += --static
endif
DEPS=../libcap/libcap.a ../libcap/libpsx.a
-all: $(BUILD)
+all: $(BUILD) tcapsh-static
$(DEPS):
make -C ../libcap all
@@ -36,9 +38,12 @@ endif
test: $(PROGS)
-sudotest: test
- sudo ./quicktest.sh
+tcapsh-static: capsh.c $(DEPS)
+ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static
+
+sudotest: test tcapsh-static
+ sudo $(LDPATH) ./quicktest.sh
clean:
$(LOCALCLEAN)
- rm -f *.o $(BUILD) tcapsh ping hack.sh compare-cap
+ rm -f *.o $(BUILD) tcapsh* privileged ping hack.sh compare-cap
diff --git a/progs/quicktest.sh b/progs/quicktest.sh
index fbe98a6..5873317 100755
--- a/progs/quicktest.sh
+++ b/progs/quicktest.sh
@@ -45,7 +45,7 @@ pass_capsh () {
pass_capsh --print
# Make a local non-setuid-0 version of capsh and call it privileged
-cp ./capsh ./privileged && /bin/chmod -s ./privileged
+cp ./tcapsh-static ./privileged && /bin/chmod -s ./privileged
if [ $? -ne 0 ]; then
echo "Failed to copy capsh for capability manipulation"
exit 1
@@ -77,7 +77,7 @@ pass_capsh --mode=PURE1E --iab='!%cap_chown,cap_sys_admin'
pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print
/bin/rm -f tcapsh
-/bin/cp capsh tcapsh
+/bin/cp tcapsh-static tcapsh
/bin/chown root.root tcapsh
/bin/chmod u+s tcapsh
/bin/ls -l tcapsh
@@ -166,7 +166,7 @@ pass_capsh --keep=1 --uid=$nouid --caps=cap_setpcap=ep \
# Verify we can chroot
pass_capsh --chroot=$(/bin/pwd)
-pass_capsh --chroot=$(/bin/pwd) ==
+pass_capsh -- -c "./tcapsh-static --chroot=$(/bin/pwd) =="
fail_capsh --chroot=$(/bin/pwd) -- -c "echo oops"
./capsh --has-ambient
@@ -216,7 +216,7 @@ echo "testing namespaced file caps"
# nsprivileged capsh will have an ns rootid value (this is
# the same setup as an earlier test but with a ns file cap).
rm -f nsprivileged
-cp ./capsh ./nsprivileged && /bin/chmod -s ./nsprivileged
+cp ./tcapsh-static ./nsprivileged && /bin/chmod -s ./nsprivileged
./setcap -n 1 all=ep ./nsprivileged
if [ $? -eq 0 ]; then
./getcap -n ./nsprivileged | fgrep "[rootid=1]"
diff --git a/tests/Makefile b/tests/Makefile
index 0c86ee8..a555887 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -7,6 +7,12 @@ include ../Make.Rules
DEPS=../libcap/libcap.a ../libcap/libpsx.a
+ifeq ($(DYNAMIC),yes)
+LDPATH = LD_LIBRARY_PATH=../libcap
+else
+LDFLAGS += --static
+endif
+
all: psx_test libcap_psx_test libcap_launch_test
$(DEPS):
@@ -19,30 +25,31 @@ sudotest: test run_libcap_launch_test run_libcap_launch_test
install: all
run_psx_test: psx_test
- ./psx_test
+ $(LDPATH) ./psx_test
psx_test: psx_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBPSXLIB) -Wl,-wrap,pthread_create
+ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBPSXLIB)
run_libcap_psx_test: libcap_psx_test
- ./libcap_psx_test
+ $(LDPATH) ./libcap_psx_test
libcap_psx_test: libcap_psx_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) -Wl,-wrap,pthread_create --static
+ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
run_libcap_launch_test: libcap_launch_test libcap_psx_launch_test noop
- sudo ./libcap_launch_test
- sudo ./libcap_psx_launch_test
+ sudo $(LDPATH) ./libcap_launch_test
+ sudo $(LDPATH) ./libcap_psx_launch_test
libcap_launch_test: libcap_launch_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) --static
+ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LDFLAGS)
# this varies only slightly from the above insofar as it currently
# only links in the pthreads fork support. TODO() we need to change
# the source to do something interesting with pthreads.
libcap_psx_launch_test: libcap_launch_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) -Wl,-wrap,pthread_create --static
+ $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
+# This one runs in a chroot with no shared library files.
noop: noop.c
$(CC) $(CFLAGS) $< -o $@ --static
--
cgit 1.2.3-1.el7